This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies areas where user-supplied data is not properly sanitized or validated before being used in operations, which could lead to security exploits like SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or similar requests related to securing user input. It is particularly useful during code reviews, security audits, and when hardening applications against common web vulnerabilities. The skill leverages the input-validation-scanner plugin to perform the analysis.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill scanning-input-validation-practices87
Quality
60%
Does it follow best practices?
Impact
90%
1.09x average score across 12 eval scenarios
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/input-validation-scanner/skills/input-validation-scanner/SKILL.md
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, includes natural trigger terms users would actually say, explicitly states both what the skill does and when to use it, and carves out a distinct niche in input validation security scanning. The description uses proper third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'scan source code for potential input validation vulnerabilities', 'identifies areas where user-supplied data is not properly sanitized', and names specific vulnerability types (SQL injection, XSS, command injection). | 3 / 3 |
| Completeness | Clearly answers both what (scans for input validation vulnerabilities, identifies unsanitized user data) and when (explicit 'Use this skill when...' clause with specific trigger phrases and use cases like code reviews and security audits). | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would say: 'scan for input validation issues', 'check input sanitization', 'find potential XSS vulnerabilities', plus contextual triggers like 'code reviews', 'security audits', and 'hardening applications'. | 3 / 3 |
| Distinctiveness Conflict Risk | Has a clear niche focused specifically on input validation vulnerabilities with distinct triggers like 'XSS', 'SQL injection', 'input sanitization' that are unlikely to conflict with general code review or other security skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
20%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content reads like marketing copy rather than actionable technical guidance. It explains what input validation scanning is and why it matters (which Claude already knows) but fails to provide the concrete details needed to actually use the input-validation-scanner plugin—no command syntax, no configuration options, no example output formats.
Suggestions
Add concrete plugin invocation syntax showing exactly how to call the input-validation-scanner (e.g., command format, required parameters, file path specifications)
Include an example of actual scanner output so Claude knows what format to expect and how to interpret results
Remove the Overview, 'How It Works', and 'When to Use' sections—this context is already provided in the skill description and wastes tokens
Add specific guidance on what to do when vulnerabilities are found (remediation patterns, code examples of proper sanitization)
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is verbose and explains concepts Claude already knows (what XSS is, what SQL injection is, why input validation matters). The 'Overview' and 'How It Works' sections add little actionable value and could be eliminated entirely. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance is provided. The examples describe what the skill 'will do' in abstract terms rather than showing actual plugin invocation syntax, expected output formats, or specific commands to run. | 1 / 3 |
| Workflow Clarity | Steps are listed in 'How It Works' but lack specifics on how to actually invoke the scanner, what parameters it accepts, or how to interpret results. No validation checkpoints or error handling guidance is provided. | 2 / 3 |
| Progressive Disclosure | Content is organized into sections but everything is inline in one file. The 'Integration' section mentions other skills but doesn't link to them. No references to detailed documentation for the input-validation-scanner plugin. | 2 / 3 |
| Total | | 6 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.